<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: pi_clickandbuy_mms.php 188 2013-09-22 07:57:10Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 188 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-22 07:57:10 +0000 (Sun, 22 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */
/**
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License, version 2, as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * @category  PayIntelligent
 * @package   PayIntelligent_ClickandBuy
 * @copyright (C) 2010 PayIntelligent GmbH  <http://www.payintelligent.de/>
 * @license   GPLv2
 */

$xml = stripslashes($_POST["xml"]);

require('includes/application_top.php');		

require('callback/pi_clickandbuy/lib/xml.php');

$sendEmailTo = $cab->MMS_EMAIL_TO;
$sendEmailFrom = $cab->MMS_EMAIL_FROM;	

if(($cab->checkSignature($xml, false) != true) && ($cab->checkSignature($xml, true) != true)) {
	if($cab->MMS_LOG == true) {	
		$handle = fopen( "cache/mms.log", "a+" );
		fwrite( $handle, "------------ new entry, received @ ". date( 'Y-m-d H:i:s' ) ." ------------------- \n" );
		fwrite( $handle,  "Signature check failed\n" );
		fwrite( $handle, print_r($xml, true ) . "\n" );
		fclose( $handle );		
	}
	die('Signature check failed');
}

if($cab->MMS_LOG == true) {	
	$handle = fopen( "cache/mms.log", "a+" );
	fwrite( $handle, "------------ new entry, received @ ". date( 'Y-m-d H:i:s' ) ." ------------------- \n" );
	fwrite( $handle, print_r($xml, true ) . "\n" );
	fclose( $handle );
}

if(!empty($sendEmailTo) && !empty($sendEmailFrom))
	$cab->sendMail($sendEmailTo,$sendEmailFrom,$xml);

// Un-quotes a quoted string
$data = stripslashes($xml);		
// Set Array 
$xmlArray = XML_unserialize($data);			

$signature = $xmlArray['eventlist']['signature'];
$eventType = array('payEvent', 'refundEvent', 'creditEvent', 'recurringPaymentAuthorizationEvent');

foreach ($eventType as $key) {
	$eventList =  $xmlArray['eventlist'][$key];

	if (!empty($eventList)) {				
		$functionName = $key.'List'; 
		$functionName($eventList,$signature);
	}	
}
		
echo 'OK';
exit;	

function payEventList($payEventList,$signature) {				
	global $xml;

	if (!is_array($payEventList[0])) {
		$payEventList = array($payEventList);
	}
		
	foreach($payEventList as $key => $value) {

		$merchantID = $value['merchantID'];
		$projectID = $value['projectID'];
		$eventID = $value['eventID'];
		$creationDateTime = $value['creationDateTime'];
		$transactionID = $value['transactionID'];
		$externalID = $value['externalID'];
		$crn = $value['crn'];
		$transactionAmount = $value['transactionAmount']['amount'];
		$transactionCurrency = $value['transactionAmount']['currency'];
		$merchantAmount = $value['merchantAmount']['amount'];
		$merchantCurrency = $value['merchantAmount']['currency'];
		$oldState = $value['oldState'];
		$newState = $value['newState'];

		$count = getCountEventID($eventID);			
		if(empty($count) || ($count < 1)) {					
			$shopOrderID = 0;			
	
			$shopOrderIDOrder = isOrder($externalID);
			$shopOrderIDTransaction = isTransaction($externalID);
	
			if(!empty($shopOrderIDTransaction)) {
				$shopOrderID = $shopOrderIDTransaction;					
				updateTransactionStatus($externalID,$newState);								
			} else {
				$shopOrderID = $shopOrderIDOrder;									
			}					

			$serializeArray = array();
			$serializeArray['eventlist']['signature'] = $signature;
			$serializeArray['eventlist']['payEvent'] = $value;
			$eventXML = XML_serialize($serializeArray);			
			insert_mms($eventID,$shopOrderID,$externalID,$transactionID,$oldState,$newState,$eventXML);											
		}		
	}
}
	
function refundEventList($refundEventList,$signature) {
	global $xml, $db;
	
	if (!is_array($refundEventList[0]))
		$refundEventList = array($refundEventList);
	
	foreach($refundEventList as $key => $value) {
		$merchantID = $value['merchantID'];
		$projectID = $value['projectID'];
		$eventID = $value['eventID'];
		$creationDateTime = $value['creationDateTime'];
		$refundTransactionID = $value['refundTransactionID'];
		$externalID = $value['externalID'];
		$associatedTransactionID = $value['associatedTransactionID'];
		$crn = $value['crn'];
		$transactionAmount = $value['transactionAmount']['amount'];
		$transactionCurrency = $value['transactionAmount']['currency'];
		$merchantAmount = $value['merchantAmount']['amount'];
		$merchantCurrency = $value['merchantAmount']['currency'];
		$oldState = $value['oldState'];
		$newState = $value['newState'];
	
		$count = getCountEventID($eventID);			
		if(empty($count) || ($count < 1)) {					
			$shopOrderID = 0;			
	
			$transactions = $db->db_query("SELECT shopOrderID FROM ".DB_PREFIX."picab_transactions WHERE transactionID = '".$refundTransactionID."'");
							
			if(!empty($transactions->fields['shopOrderID'])) {
				$shopOrderID = $transactions['shopOrderID'];					
				$db->db_query("UPDATE ".DB_PREFIX."picab_transactions SET status = '$newState' WHERE transactionID = '$refundTransactionID' LIMIT 1");
			} 								

			$serializeArray = array();
			$serializeArray['eventlist']['signature'] = $signature;
			$serializeArray['eventlist']['refundEvent'] = $value;
			$eventXML = XML_serialize($serializeArray);			
			insert_mms($eventID,$shopOrderID,$externalID,$refundTransactionID,$oldState,$newState,$eventXML);											
		}		
	}						
}
	
function creditEventList($creditEventList,$signature) {
	global $xml, $db;
	
	if (!is_array($creditEventList[0]))
		$creditEventList = array($creditEventList);
	
	foreach($creditEventList as $key => $value) {
		$merchantID = $value['merchantID'];
		$projectID = $value['projectID'];
		$eventID = $value['eventID'];
		$creationDateTime = $value['creationDateTime'];
		$transactionID = $value['transactionID'];
		$externalID = $value['externalID'];
		$email = $value['email'];
		$crn = $value['crn'];
		$transactionAmount = $value['transactionAmount']['amount'];
		$transactionCurrency = $value['transactionAmount']['currency'];
		$merchantAmount = $value['merchantAmount']['amount'];
		$merchantCurrency = $value['merchantAmount']['currency'];
		$oldState = $value['oldState'];
		$newState = $value['newState'];
	
		$count = getCountEventID($eventID);			
		if(empty($count) || ($count < 1)) {					
			$shopOrderID = 0;			
		
			$transactions = $db->db_query("SELECT shopOrderID FROM ".DB_PREFIX."picab_transactions WHERE transactionID = '".$transactionID."'");
			
			if(!empty($transactions->fields['shopOrderID'])) {
				$shopOrderID = $transactions['shopOrderID'];					
				$db->db_query("UPDATE ".DB_PREFIX."picab_transactions SET status = '$newState' WHERE transactionID = '$transactionID' LIMIT 1");
			} 	

			$serializeArray = array();
			$serializeArray['eventlist']['signature'] = $signature;
			$serializeArray['eventlist']['creditEvent'] = $value;
			$eventXML = XML_serialize($serializeArray);			
			insert_mms($eventID,$shopOrderID,$externalID,$transactionID,$oldState,$newState,$eventXML);											
		}		
	}			
}
	
function recurringPaymentAuthorizationEventList($recurringEventList,$signature) {
	if (!is_array($recurringEventList[0]))
		$recurringEventList = array($recurringEventList);
	
	foreach($recurringEventList as $key => $value) {
		$merchantID = $value['merchantID'];
		$projectID = $value['projectID'];
		$eventID = $value['eventID'];
		$creationDateTime = $value['creationDateTime'];
		$transactionID = $value['transactionID'];
		$externalID = $value['externalID'];
		$crn = $value['crn'];
		$amount = $value['amount']['amount'];
		$currency = $value['amount']['currency'];
		$oldState = $value['oldState'];
		$newState = $value['newState'];
		$remainingAmount = $value['remainingAmount']['amount'];
		$remainingCurrency = $value['remainingAmount']['currency'];
		$remainingRetries = $value['remainingRetries'];
		$validUntil = $value['validUntil'];
		
		$count = getCountEventID($eventID);			
		if(empty($count) || ($count < 1)) {					
			$shopOrderID = 0;			
	
			$shopOrderIDOrder = isOrder($externalID);
			$shopOrderIDTransaction = isTransaction($externalID);
	
			if(!empty($shopOrderIDTransaction)) {
				$shopOrderID = $shopOrderIDTransaction;					
				updateTransactionStatus($externalID,$newState);								
			} else {
				$shopOrderID = $shopOrderIDOrder;									
			}					

			$serializeArray = array();
			$serializeArray['eventlist']['signature'] = $signature;
			$serializeArray['eventlist']['recurringPaymentAuthorizationEvent'] = $value;
			$eventXML = XML_serialize($serializeArray);			
			insert_mms($eventID,$shopOrderID,$externalID,$transactionID,$oldState,$newState,$eventXML);											
		}	
	}
}
	
function insert_mms($eventID,$shopOrderID,$externalID,$transactionID,$oldState,$newState,$xml){
	global $db;
	$db->db_query("INSERT INTO ".DB_PREFIX."picab_mms (eventID,shopOrderID,externalID,transactionID,oldState,newState,xml,created) VALUES ('$eventID', '$shopOrderID','$externalID','$transactionID','$oldState','$newState','$xml', NOW( ) )");
}	
		
function isOrder($externalID){
	global $db;
	$orders = $db->db_query("SELECT shopOrderID FROM ".DB_PREFIX."picab_orders WHERE externalID = '".$externalID."'");
	return $orders->fields['shopOrderID'];
} 	

function isTransaction($externalID){
	global $db;
	$transactions = $db->db_query("SELECT shopOrderID FROM ".DB_PREFIX."picab_transactions WHERE externalID = '".$externalID."'");
	return $transactions->fields['shopOrderID'];
} 	
	
function getCountEventID($eventID) {
	global $db;
	$mms = $db->db_query("SELECT COUNT(eventID) as countEventID FROM ".DB_PREFIX."picab_mms WHERE eventID='".$eventID."'");
	return $mms->fields['countEventID'];		
}	
	
function updateTransactionStatus($externalID,$status){
	global $db;
	$db->db_query("UPDATE ".DB_PREFIX."picab_transactions SET status = '$status' WHERE externalID = '$externalID' LIMIT 1");
}

function getMmsSecretKey($recurring = false) {
	global $db;
	if($recurring) {
		$settings = $db->db_query("SELECT configuration_value FROM configuration WHERE configuration_key = 'MODULE_PAYMENT_PI_CLICKANDBUY_RECURRING_SECRET_KEY_MMS'");				
	} else {
		$settings = $db->db_query("SELECT configuration_value FROM configuration WHERE configuration_key = 'MODULE_PAYMENT_PI_CLICKANDBUY_SECRET_KEY_MMS'");		
	}
	return $settings->fields['configuration_value'];		
}	
	
function checkSignature($xml,$recurring = false) {	
	$sharedKey = getMmsSecretKey($recurring);;
	
	// find signature
	$signatureTag = "<signature>";
	$signatureTagStart = strpos($xml, $signatureTag);
	$signatureTagLength = strlen($signatureTag);

	$signatureStart = $signatureTagStart + $signatureTagLength;
	$signatureLength = 40;
	$signature = substr($xml,$signatureStart,$signatureLength);

	//singature from xml
	$xmlSignature = "<signature>".$signature."</signature>";	
	$emptySignature = "<signature />";
	$xmlWithoutSignature = str_replace($xmlSignature, $emptySignature, $xml);

	//Hash 
	$textToHash = $sharedKey.$xmlWithoutSignature;
	$hash = sha1 ($textToHash);

	($signature == $hash) ?  $result = true : $result = false;
	return $result;
}	
	
?>